Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: RDP, can it be done safely?
From: Marsh Ray <marsh () extendedsubset com>
Date: Thu, 10 Jun 2010 05:44:23 -0500

On 6/10/2010 4:44 AM, Larry Seltzer wrote:
All right, I guess you've got a point. I reflexively say VPN at times like
this because the very few reported RDP attacks I've seen have been MITM
attacks of the sort that VPNs effectively block. But a client
certificate/TLS implementation accomplishes the same thing and all you have
to open is the RDP port.

MS Terminal Services Gateway can be set up to require client cert
authentication and comes in over SSL/TLS over port 443 (RPC over HTTPS I
think).

Allowing raw RDP to come in through the firewall is not something I
would feel real good about.

- Marsh

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]